def get_credentials(user):
try:
LOGGER.info('/USERS/%s/credentials [GET] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials [GET] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
code, response = 200, juju.get_credentials(user)
LOGGER.info(
'/USERS/%s/credentials [GET] => Succesfully retrieved credentials!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials [GET] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials [GET] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def grant_to_model(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => receiving call',
user, controller)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authenticated!',
user, controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authorized!',
user, controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
else:
user_access = juju.get_models_access(con, user)
if juju.user_exists(user):
for mod in data:
if not mod['name'] in user_access:
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => No Permission to perform this action!',
user, controller)
code, response = errors.no_permission()
return juju.create_response(code, response)
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def grant_to_controller(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s [PUT] => receiving call', user,
controller)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authenticated!', user,
controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authorized!', user,
controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
if request.json['access'] and juju.c_access_exists(
request.json['access'].lower()):
juju.grant_user_to_controller(
token, con, user, request.json['access'].lower())
LOGGER.info(
'/USERS/%s/controllers/%s [PUT] => Changing user access, check set_controller_access.log for more information!',
user, controller)
code, response = 202, 'The user\'s access is being changed'
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => Invalid access data provided : %s',
user, controller, request.json['access'])
code, response = errors.invalid_access('access')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => User %s does not exist',
user, controller, user)
code, response = errors.does_not_exist('user')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => No Permission to perform this action',
user, controller)
code, response = errors.no_permission()
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def login():
try:
LOGGER.info('/USERS/login [POST] => receiving call')
execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
code, response = 200, 'Success'
LOGGER.info('/USERS/login [POST] => Succesfully logged in!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def update_ssh_keys(user):
try:
LOGGER.info('/USERS/%s/ssh-keys [PUT] => receiving call', user)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/ssh-keys [PUT] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
for key in data['ssh-keys']:
try:
fp_key = base64.b64decode(
key.strip().split()[1].encode('ascii'))
fp_plain = hashlib.md5(fp_key).hexdigest()
output = ':'.join(
a + b
for a, b in zip(fp_plain[::2], fp_plain[1::2]))
except Exception:
code, response = errors.invalid_ssh_key(key)
return juju.create_response(code, response)
juju.update_ssh_keys_user(user, data['ssh-keys'])
LOGGER.info(
'/USERS/%s/ssh-keys [PUT] => SSH-keys are being updated, check update_ssh_keys.log for more information!',
user)
code, response = 202, 'SSH-keys are being updated'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/ssh-keys [PUT] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/ssh-keys [PUT] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def get_users_info():
try:
LOGGER.info('/USERS [GET] => receiving call')
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS [GET] => Authenticated!')
code, response = 200, juju.get_users_info(token)
LOGGER.info('/USERS [GET] => Succesfully retieved all users!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def create_user():
try:
LOGGER.info('/USERS [POST] => receiving call')
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS [POST] => Authenticated!')
valid, user = juju.check_input(data['username'], "username")
if token.is_admin:
if valid:
if juju.user_exists(user):
code, response = errors.already_exists('user')
LOGGER.error(
'/USERS [POST] => Username %s already exists!', user)
elif data['password']:
LOGGER.info(
'/USERS [POST] => Creating user %s, check add_user.log for more information!',
user)
juju.create_user(user, data['password'])
code, response = 202, 'User {} is being created'.format(
user)
else:
code, response = errors.empty()
LOGGER.error('/USERS [POST] => Password cannot be empty!')
else:
code, response = 400, user
LOGGER.error(
'/USERS [POST] => Username does not have the correct format!'
)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS [POST] => No Permission to perform this action!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def get_model_access(user, controller, model):
try:
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => receiving call!',
user, controller, model)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => Authenticated!', user,
controller, model)
con, mod = juju.authorize(token, controller, model)
LOGGER.info('/USERS/%s/controllers/%s/models/%s [GET] => Authorized!',
user, controller, model)
if token.is_admin or token.username == user or mod.access == 'admin' or con.access == 'superuser':
if juju.user_exists(user):
access = juju.get_model_access(mod.m_name, con.c_name, user)
code, response = 200, {'access': access}
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => Succesfully retrieved model access!',
user, controller, model)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models/%s [GET] => User %s does not exist!',
user, controller, model, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/controllers/%s/models/%s [GET] => No Permission to perform this action!',
user, controller, model)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def add_credential(user):
try:
LOGGER.info('/USERS/%s/credentials [POST] => receiving call', user)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials [POST] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
if not juju.credential_exists(user, data['name']):
juju.add_credential(user, data)
LOGGER.info(
'/USERS/%s/credentials [POST] => Adding credentials, check add_credential.log for more information!',
user)
code, response = 202, 'Credentials are being added'
else:
code, response = errors.already_exists('credential')
LOGGER.error(
'/USERS/%s/credentials [POST] => Credential for User %s already exists!',
user, user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials [POST] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials [POST] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def change_user_password(user):
try:
LOGGER.info('/USERS/%s [PUT] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s [PUT] => Authenticated!', user)
if user == token.username or token.is_admin:
if juju.user_exists(user):
pwd = request.json['password']
if pwd:
execute_task(juju.change_user_password, token, user, pwd)
code, response = 200, 'Succesfully changed password for user {}'.format(
user)
LOGGER.info(
'/USERS/%s [PUT] => Succesfully changed password for user %s!',
user, user)
else:
code, response = errors.empty()
LOGGER.error(
'/USERS/%s [PUT] => User password can\'t be empty!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error('/USERS/%s [PUT] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s [PUT] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def delete_user(user):
try:
LOGGER.info('/USERS/%s [DELETE] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s [DELETE] => Authenticated!', user)
if token.is_admin:
if juju.user_exists(user):
if user != 'admin':
juju.delete_user(user)
code, response = 202, 'User {} is being removed'.format(
user)
LOGGER.info(
'/USERS/%s [DELETE] => User %s is being removed!',
user, user)
else:
code, response = 403, 'This would remove the admin from the system!'
LOGGER.error(
'/USERS/%s [DELETE] => This would remove the admin from the system!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error('/USERS/%s [DELETE] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s [DELETE] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def remove_credential(user, credential):
try:
LOGGER.info('/USERS/%s/credentials/%s [DELETE] => receiving call',
user, credential)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials/%s [DELETE] => Authenticated!',
user, credential)
if token.is_admin or token.username == user:
if juju.user_exists(user):
if juju.credential_exists(user, credential):
juju.remove_credential(user, credential)
LOGGER.info(
'/USERS/%s/credentials/%s [DELETE] => Removing credential, check remove_credential.log for more information!',
user, credential)
code, response = 202, 'Credentials are being removed'
else:
code, response = errors.does_not_exist('credential')
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials/%s [DELETE] => User %s does not exist!',
user, credential, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials/%s [DELETE] => No Permission to perform this action!',
user, credential)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)